From 5a76584aa883587f92ccfcc54bbdfe2e9c948644 Mon Sep 17 00:00:00 2001
From: deathbybandaid
Date: Tue, 4 Apr 2023 17:53:48 -0400
Subject: [PATCH] freeipa as a CA
---
 50-Checking_IPA_Realm_Join_Status.sh | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/50-Checking_IPA_Realm_Join_Status.sh b/50-Checking_IPA_Realm_Join_Status.sh
index 3ed9627..6368f04 100644
--- a/50-Checking_IPA_Realm_Join_Status.sh
+++ b/50-Checking_IPA_Realm_Join_Status.sh
@@ -20,7 +20,7 @@ fi
 ## FreeIPA Realm Join
 if [ "$realm_join" == 1 ]; then
- if (whiptail --title "FreeIPA Relam Join" --yes-button "yes" --no-button "no" --yesno "Do You want to join a FreeIPA Realm?" 10 80)
+ if (whiptail --title "FreeIPA Realm Join" --yes-button "yes" --no-button "no" --yesno "Do You want to join a FreeIPA Realm?" 10 80)
 then
 if [[ $HOSTNAME == *template* ]]; then
@@ -38,3 +38,21 @@ if [ "$realm_join" == 1 ]; then
 printf "$COL_CYAN" "** Skipping realm joining"
 fi
 fi
+
+
+if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]
+then
+ printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm, skipping Cert Question"
+else
+ printf "$COL_GREEN" "** $HOSTNAME appears to be joined to FreeIPA Server Realm, Checking if user wants a cert."
+
+ if (whiptail --title "FreeIPA CA" --yes-button "yes" --no-button "no" --yesno "Do You want to use FreeIPA as a CA and get a certificate?" 10 80)
+ then
+ mkdir -p /etc/certmonger/certs
+ ipa-getcert request -f /etc/certmonger/certs/app.crt -k /etc/certmonger/certs/app.key -K HTTP/$(hostname -f) -D $(hostname -f) -N $(hostname -f)
+ sudo getcert list
+ else
+ printf "$COL_CYAN" "** Skipping Cert Grabbing"
+ fi
+
+fi
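Review bot: The `ipa-getcert request` line in the second hunk builds the service principal, the DNS name and the subject from three separate unquoted `$(hostname -f)` calls and never checks the result, so an empty or unqualified hostname, or a refused request, goes by unnoticed while the script carries on. Resolving the name once with `fqdn=$(hostname -f)`, running the request only when `[[ $fqdn == *.* ]]` holds, and passing `-K "HTTP/$fqdn" -D "$fqdn" -N "$fqdn"` with the exit status tested would make the failure visible. Adding `-w` to the request makes it wait for issuance, so the `getcert list` that follows reports a final state rather than a pending one. The request is also not safe to repeat: a second run will most likely hit the tracking entry already registered for the same `app.crt`/`app.key` paths, so it is worth checking `getcert list` for an existing entry first. `sudo` is used only on `getcert list`, while `mkdir -p /etc/certmonger/certs` and the request run without it, so either the `sudo` is redundant or those two commands fail for a non-root caller.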